Hello,
It was 2 days ago. The USB that I got the infection from had a shortcut and all the data was inside that shortcut. I pulled it out and plugged in my USB and I noticed that the shortcut was made and all the data was copied in it. I went to the task manager to see the running processes and found msinstaller.msi running. Startup had one more entry added to it, in which there was some file and masiinstaller listed. I disbaled them from starting up with the windows, browsed the file located in the user folder's appdata with winrar and deleted it. (I was connected to the internet and I presume something was installed on my machine)
I noticed that my folder options have been changed from "show hidden files" to "do not show hidden files"
I tried to do a clean install. When I tried to boot fromthe USB, there was no option during the start up to boot from external device. I went to the bios options and changed the boot device order. Then I tried again and I saw the option to boot from the USB , when I tried it the point where the first screen shows it took a long pause and then booted from the harddrive. Tried it several times with no success.
I also tried to do system restore but it couldn't complete giving error that it can't access the necessary files.
I scanned the boot sectors and entire system with Avira free and zonealarm trial version but they couldn't detect anything. I think the malware had installed some genuine addon to bypass the boot from external drives.
Lastly, with winrar I see a lot's of files in my user account that weren't there before. Here are the screenshots-
http://i.imgur.com/UNz7Ms7.jpg
http://i.imgur.com/O5qefqX.jpg
The malware has changed a lot of things into the registry.
I just want to do a clean install from USB. I don't have any files to back up on the windows partition.
Any help will be greatly appreciated. Awaiting reply
It was 2 days ago. The USB that I got the infection from had a shortcut and all the data was inside that shortcut. I pulled it out and plugged in my USB and I noticed that the shortcut was made and all the data was copied in it. I went to the task manager to see the running processes and found msinstaller.msi running. Startup had one more entry added to it, in which there was some file and masiinstaller listed. I disbaled them from starting up with the windows, browsed the file located in the user folder's appdata with winrar and deleted it. (I was connected to the internet and I presume something was installed on my machine)
I noticed that my folder options have been changed from "show hidden files" to "do not show hidden files"
I tried to do a clean install. When I tried to boot fromthe USB, there was no option during the start up to boot from external device. I went to the bios options and changed the boot device order. Then I tried again and I saw the option to boot from the USB , when I tried it the point where the first screen shows it took a long pause and then booted from the harddrive. Tried it several times with no success.
I also tried to do system restore but it couldn't complete giving error that it can't access the necessary files.
I scanned the boot sectors and entire system with Avira free and zonealarm trial version but they couldn't detect anything. I think the malware had installed some genuine addon to bypass the boot from external drives.
Lastly, with winrar I see a lot's of files in my user account that weren't there before. Here are the screenshots-
http://i.imgur.com/UNz7Ms7.jpg
http://i.imgur.com/O5qefqX.jpg
The malware has changed a lot of things into the registry.
I just want to do a clean install from USB. I don't have any files to back up on the windows partition.
Any help will be greatly appreciated. Awaiting reply
